Fork me on GitHub
#shadow-cljs
<
2021-10-20
>
rberger07:10:27

I seem to no longer be able to get shadow-cljs to run with SSL on the Mac. I think Apple (and others?) no longer supports self-signed certificates. Or I’m just doing something stupidly wrong. But the same exact setup with the same keystore that worked in June is no longer working. I’ve tried to create a new keystore with a private CA and a server cert and that isn’t working ether. But I have no way to tell where the problem is. Shadow-cljs starts up fine saying

shadow-cljs - HTTP server available at 
shadow-cljs - server version: 2.15.8 running at 
But the browsers won’t connect to ether saying
Safari can't open the page "" because Safari can't establish a secure connection to the server "discovery.local".
And Chrome says:
This site can't provide a secure connectiondiscovery.local sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
I suspect my problem may be how I’m setting up the certs and the keystore. I’ve tried a few different instructions and it all goes together without errors, but I don’t know how to confirm that the keystore or any of its inputs are actually correct. The link in the Shadow user guide for setting up the certs for the Mac is 404 https://certsimple.com/blog/localhost-ssl-fix My shadow-cljs.edn file:
{:deps  true
 :nrepl {:port 8777}
 :ssl {:keystore "ssl/keystore.jks"
       :password "super-secret}
 :dev-http {8020 {:root "resources/public"
                  :host "discovery.local"}}
 :http {:host "discovery.local"}

 :builds {:app {:target     :browser
                :output-dir "resources/public/js/compiled"
                :asset-path "/js/compiled"
                :modules    {:app {:init-fn visx.dashboard.core/init}}
                :js-options
                {:resolve
                 {"@daily-co/daily-js"
                  {:target :npm
                   :require "@daily-co/daily-js/dist/daily-iframe-esm.js"}}}
                :release {:output-dir "dist/js/compiled"
                          :compiler-options
                          {:infer-extern :auto
                           :closure-defines
                           {goog.debug.LOGGING_ENABLED           true
                            re_frame.trace.trace_enabled?        false
                            day8.re_frame.tracing.trace_enabled? false}}}}
          :test {:target    :node-test
                 :output-to "out/node-tests.js"
                 :ns-regexp "-test$"
                 :autorun   true}}}
I’m running shadow-cljs 2.15.8 Any suggestions on how to debug / make work, or some current known working guide to create certs and the keystore?

thheller07:10:34

great another 404 ... why can't people keep their pages online 😛

thheller07:10:50

the problem isn't in the cert or the keystore. you need to configure your mac to accept that cert

thheller07:10:44

use https://github.com/FiloSottile/mkcert to create the cert and register it maybe

thheller07:10:05

you can register it manually in mac but I can't remember how exactly

thheller07:10:33

I don't think you should be setting :http {:host "discovery.local"} at all

thheller07:10:15

and likely :dev-http {8020 "resources/public"} should be fine too?

thheller07:10:29

I mean you are limiting the hosts it binds to by specifically setting :host. so it might be binding to the wrong network adapter or so

thheller07:10:45

just leave it out and it'll bind to all. under which hostname you access it doesn't really matter

rberger17:10:48

So if I leave out the host, it binds to 0.0.0.0 (ie all interfaces)? I think I tried that but it was late